You’ve probably heard of this type of scam before:
You receive an email from a supplier (or so it appears) stating that their banking details have changed, and asking you to make future payments to the new account. The email will look exactly like a genuine one from the supplier, using the right logos and layout. But, of course, it’s not from them. It’s cleverly designed and sent by a fraudster, who hopes to pocket the payments.
Now, most people know to think twice when receiving an email like this, but here comes the clever part…
The sensible next step, upon receiving such an email, is to verify whether or not it’s correct. Thumbs up to you for spotting the possible trick! But the fraudster knows that you’ll do this, and has now added an extra layer to his attack… He has hacked into the supplier’s email account, and added a rule that automatically replies to any email asking to verify the change of bank details. The automatic reply will, naturally, confirm that the change is genuine and should be acted upon. Very sneaky. And very clever. This is actually happening – we saw a case last week, and it’s being reported online too.
So, to stay safe against these scams, you need to check the validity of the “change of banking details” email by another, independent method. Don’t simply reply to the email, asking for confirmation. The best thing to do is to telephone the supplier, speak to them in person, and check verbally. Or you could email a different person / email address at their company to try to make your verification as separate as possible from the source of the scam.
Don’t rely on your spam filter to block these emails. Filters only stop malicious emails that might carry viruses and other bad software. These scam emails are only text, and so are not stopped for potentially carrying any nasties. The only protection against them is your own vigilance. And that of the rest of your staff – you’re only as safe as the weakest link. So make sure that everyone is aware of these risks, and what to do about them.
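The auto-reply rule described above lives in the compromised mailbox, so the mailbox owner (or their IT support) can look for it. The following is an added example, not part of the original article: it reviews an exported list of mailbox rules and flags any that auto-reply to, or quietly divert, emails about bank details. The field names (`keywords`, `actions`, `reply_text`) and the sample rules are assumptions made up for illustration, not any mail system's real export format.

```python
import re

# Words a fraudster's rule would key on to catch "is this change genuine?" emails.
VERIFY_TERMS = re.compile(
    r"\b(bank|banking|account|payment|invoice|iban|sort code|remittance|verify|confirm)\b",
    re.IGNORECASE,
)
# Actions that answer, divert or hide mail without the owner seeing it.
RISKY_ACTIONS = {"auto_reply", "forward", "redirect", "delete", "mark_read", "move"}


def audit_rule(rule):
    """Return the reasons this rule deserves a human look (empty list = nothing found)."""
    reasons = []
    keywords = [k for k in rule.get("keywords", []) if VERIFY_TERMS.search(k)]
    actions = RISKY_ACTIONS.intersection(rule.get("actions", []))
    if keywords and "auto_reply" in actions:
        reasons.append("auto-replies to payment/verification mail: " + ", ".join(sorted(keywords)))
    elif keywords and actions:
        reasons.append("silently handles payment/verification mail: " + ", ".join(sorted(actions)))
    reply = rule.get("reply_text", "")
    if re.search(r"\b(genuine|correct|confirm\w*)\b", reply, re.IGNORECASE) and VERIFY_TERMS.search(reply):
        reasons.append("reply text confirms a bank/payment change")
    return reasons


def audit_mailbox(rules):
    """Map rule name -> reasons, for flagged rules only."""
    return {r["name"]: why for r in rules if (why := audit_rule(r))}


# Constructed sample export (hypothetical field names, not real data).
SAMPLE_RULES = [
    {"name": "Newsletters", "keywords": ["unsubscribe"], "actions": ["move"]},
    {"name": "Out of office", "keywords": [], "actions": ["auto_reply"],
     "reply_text": "I am away until Monday."},
    {"name": ".", "keywords": ["bank details", "verify"], "actions": ["auto_reply", "delete"],
     "reply_text": "Yes, the change of bank details is genuine. Please use the new account."},
    # Looks harmless, but is still surfaced so a person can confirm who created it.
    {"name": "Archive invoices", "keywords": ["invoice"], "actions": ["move"]},
]

if __name__ == "__main__":
    for name, why in audit_mailbox(SAMPLE_RULES).items():
        print(f"REVIEW rule {name!r}: " + "; ".join(why))
```

A flagged rule is a prompt for a person to check, not proof of compromise: the owner should confirm whether they created it themselves.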
Call us if you need any further advice, or to ask about staff training.